Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/jVD0Cx22C6rtJhjEyMwl_d7ttOM.roa
File:                     jVD0Cx22C6rtJhjEyMwl_d7ttOM.roa (raw, json)
Hash identifier:          vrC9crcbkmlgTTSHswR4Ww7gI1l8vbnHNsq1l2jd/ok=
Subject key identifier:   8D:50:F4:0B:1D:B6:0B:AA:ED:26:18:C4:C8:CC:25:FD:DE:ED:B4:E3
Certificate issuer:       /CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
Certificate serial:       019428239A055552380CD7AF6A3093FB4C60
Authority key identifier: 77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/jVD0Cx22C6rtJhjEyMwl_d7ttOM.roa
Signing time:             Thu 02 Jan 2025 17:50:09 +0000
ROA not before:           Thu 02 Jan 2025 17:50:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47216
IP address blocks:        87.248.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:9a:05:55:52:38:0c:d7:af:6a:30:93:fb:4c:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77f61fc7c0ab41ce154e7bcb08ef962351a46784
        Validity
            Not Before: Jan  2 17:50:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d50f40b1db60baaed2618c4c8cc25fddeedb4e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:9e:42:75:40:e9:64:25:5f:a3:25:d3:2d:16:
                    4e:e8:08:c3:ff:28:fb:7a:55:5c:d1:81:de:2c:5f:
                    af:02:33:c4:36:dc:e2:72:b5:b2:06:f0:de:f8:bb:
                    d7:91:a3:97:e1:a7:bc:cc:38:0d:21:48:12:77:bb:
                    e8:71:3f:40:37:97:c9:ff:b4:7f:24:90:d9:ac:83:
                    3f:e8:e8:c2:da:23:41:26:41:ab:c6:5d:5a:01:dd:
                    16:1d:dd:83:1a:e8:ca:29:b3:ad:84:4d:11:ad:bc:
                    e5:b6:55:a7:04:54:01:5e:87:12:b4:db:83:fd:47:
                    f5:57:d7:18:d1:a4:62:e4:15:ca:fc:45:b2:d1:79:
                    ca:15:66:5f:f3:7f:ec:8e:84:38:8c:b3:08:8b:cf:
                    c1:95:16:14:a1:d8:2a:59:c4:1f:4d:63:59:ca:57:
                    d2:44:50:9e:fc:1f:49:7d:f6:5c:de:f9:9b:97:f7:
                    3b:80:e3:b1:c7:cb:eb:6b:7f:e5:81:2d:59:9b:77:
                    24:49:82:01:e8:ec:ec:c6:fc:60:c9:a4:5e:a0:06:
                    4e:26:50:74:86:d5:c0:7f:68:c7:07:48:c1:45:8a:
                    2a:02:c9:89:69:6a:bc:2a:5b:55:4b:9c:0c:bb:56:
                    f6:42:73:1f:7e:48:60:5f:d8:06:c5:61:93:a6:dd:
                    b7:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:50:F4:0B:1D:B6:0B:AA:ED:26:18:C4:C8:CC:25:FD:DE:ED:B4:E3
            X509v3 Authority Key Identifier:
                keyid:77:F6:1F:C7:C0:AB:41:CE:15:4E:7B:CB:08:EF:96:23:51:A4:67:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/jVD0Cx22C6rtJhjEyMwl_d7ttOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/9213ec-85a9-48d6-aa69-edc9d02faf54/1/d_Yfx8CrQc4VTnvLCO-WI1GkZ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.248.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:8d:d0:2e:34:5d:85:18:2a:c9:d6:41:b9:67:ef:69:78:76:
         cb:6b:80:07:1d:9c:2e:fe:03:c4:3e:a7:58:49:c0:b2:92:ab:
         2f:9f:21:51:f6:c3:1a:e8:f3:ab:5e:99:46:fa:c5:8f:b9:e8:
         d7:bf:22:bd:dc:7d:8b:05:fe:32:fc:7a:bb:9e:97:8a:cc:44:
         e2:fa:a9:7b:05:08:7f:a8:5e:bc:43:1a:b5:e2:48:e8:77:21:
         96:a9:5d:20:0e:71:77:7f:a5:5f:32:02:58:ff:50:c0:02:b3:
         8f:ea:ef:cf:5a:fe:a7:69:e3:ff:e2:b2:76:2d:f7:fa:51:1d:
         ac:29:5e:e5:14:bf:86:59:98:24:0f:49:d6:ea:ae:6e:ae:bc:
         90:8f:42:aa:1e:42:bd:aa:88:54:fa:96:ef:3f:14:30:22:35:
         bb:3a:98:1e:4e:a1:93:0b:44:2f:1a:86:e8:00:66:21:f1:a5:
         78:66:d2:75:ae:2b:91:c4:9f:74:0b:71:e2:01:c5:e6:41:5e:
         64:86:07:91:29:c1:66:e7:47:9b:a6:f1:35:7d:97:62:87:a9:
         fb:22:3e:26:fc:07:90:6f:5b:31:f1:76:df:01:ef:49:79:25:
         51:be:db:ad:00:84:29:f4:e4:ec:fa:a6:e9:03:f9:4c:59:63:
         cb:dd:7a:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI5oFVVI4DNevajCT+0xgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3ZjYxZmM3YzBhYjQxY2UxNTRlN2JjYjA4ZWY5NjIzNTFh
NDY3ODQwHhcNMjUwMTAyMTc1MDA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDUwZjQwYjFkYjYwYmFhZWQyNjE4YzRjOGNjMjVmZGRlZWRiNGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlJ5CdUDpZCVfoyXTLRZO6AjD/yj7
elVc0YHeLF+vAjPENtzicrWyBvDe+LvXkaOX4ae8zDgNIUgSd7vocT9AN5fJ/7R/
JJDZrIM/6OjC2iNBJkGrxl1aAd0WHd2DGujKKbOthE0RrbzltlWnBFQBXocStNuD
/Uf1V9cY0aRi5BXK/EWy0XnKFWZf83/sjoQ4jLMIi8/BlRYUodgqWcQfTWNZylfS
RFCe/B9JffZc3vmbl/c7gOOxx8vra3/lgS1Zm3ckSYIB6OzsxvxgyaReoAZOJlB0
htXAf2jHB0jBRYoqAsmJaWq8KltVS5wMu1b2QnMffkhgX9gGxWGTpt23XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI1Q9Asdtguq7SYYxMjMJf3e7bTjMB8GA1UdIwQY
MBaAFHf2H8fAq0HOFU57ywjvliNRpGeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjkt
ZWRjOWQwMmZhZjU0LzEvalZEMEN4MjJDNnJ0SmhqRXlNd2xfZDd0dE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC85MjEzZWMtODVhOS00OGQ2LWFhNjktZWRjOWQwMmZhZjU0
LzEvZF9ZZng4Q3JRYzRWVG52TENPLVdJMUdrWjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/iaMA0G
CSqGSIb3DQEBCwUAA4IBAQCbjdAuNF2FGCrJ1kG5Z+9peHbLa4AHHZwu/gPEPqdY
ScCykqsvnyFR9sMa6POrXplG+sWPuejXvyK93H2LBf4y/Hq7npeKzETi+ql7BQh/
qF68Qxq14kjodyGWqV0gDnF3f6VfMgJY/1DAArOP6u/PWv6naeP/4rJ2Lff6UR2s
KV7lFL+GWZgkD0nW6q5urryQj0KqHkK9qohU+pbvPxQwIjW7OpgeTqGTC0QvGobo
AGYh8aV4ZtJ1riuRxJ90C3HiAcXmQV5khgeRKcFm50ebpvE1fZdih6n7Ij4m/AeQ
b1sx8XbfAe9JeSVRvtutAIQp9OTs+qbpA/lMWWPL3Xq5
-----END CERTIFICATE-----